Microsoft Finalizes EU Sovereign Cloud Project

Microsoft Completes EU Data Boundary Project

Microsoft has announced the successful completion of a long-term initiative designed to enable its European customers to retain and manage their data within the European Union.

The EU Data Boundary for the Microsoft Cloud project commenced in January 2023 and concluded this February after a two-year development period. This allows customers across Europe to store and process data utilizing Microsoft’s primary cloud offerings.

Supported Microsoft Services

The following services are now included: Microsoft 365, Dynamics 365, Power Platform, and the majority of Azure services. Data handling will occur within the EU and European Free Trade Association (EFTA) regions.

The Rise of European Data Residency

An increasing number of technology companies and cloud service providers are implementing European data residency programs. These programs, such as the EU Data Boundary, are designed to assist customers in adhering to European data protection regulations.

These regulations include the GDPR, Germany’s Federal Data Protection Act, and the U.K.’s data protection legislation. Data residency specifically refers to the geographical location where an organization’s data is physically stored, and the associated legal and policy requirements.

Data Storage and Processing Details

According to Microsoft, for services supported by the EU Data Boundary, both customer data and “pseudonymized” personal data will be stored and processed exclusively within data centers located in EU or EFTA countries.

Data categorized as “professional services data,” which encompasses information provided to Microsoft – such as specific log data – will be stored securely.

Azure Service Requirements

Microsoft clarifies that certain Azure services may necessitate a professional services data storage commitment from customers. Detailed requirements can be found on the dedicated information page.

Regulatory Scrutiny and Data Transfers

EU regulators have consistently raised concerns regarding Microsoft’s data processing practices for cloud service users. These concerns relate to the legal justifications used for data processing and ambiguities within the cloud services contract language.

It’s important to note that Microsoft is not alone in facing such scrutiny. In May 2023, Meta received a $1.3 billion fine from Ireland’s data privacy authority due to data transfers to the U.S.

Data Privacy Framework and Microsoft’s Commitment

In July 2023, the EU and U.S. established a new Data Privacy Framework, facilitating data transfers contingent upon specific privacy safeguards. Despite this agreement, Microsoft proactively announced plans last year to maintain all personal data of its European cloud customers within the EU.